#!/bin/bash

# 网关认证授权逻辑一致性测试脚本
# 作者: Wu.Liang
# 日期: 2024-12-21

echo "=========================================="
echo "网关认证授权逻辑一致性测试"
echo "=========================================="

# 配置
GATEWAY_URL="http://127.0.0.1:8000"
USER_SERVICE_URL="http://127.0.0.1:8001"
TEST_USERNAME="admin"
TEST_PASSWORD="123456"

echo "1. 测试网关登录接口..."
echo "请求: POST ${GATEWAY_URL}/api/user/auth/login"
echo "数据: {\"username\":\"${TEST_USERNAME}\",\"password\":\"${TEST_PASSWORD}\"}"
echo ""

# 测试登录
LOGIN_RESPONSE=$(curl -s -X POST "${GATEWAY_URL}/api/user/auth/login" \
  -H "Content-Type: application/json" \
  -d "{\"username\":\"${TEST_USERNAME}\",\"password\":\"${TEST_PASSWORD}\"}")

echo "登录响应:"
echo "$LOGIN_RESPONSE"
echo ""

# 提取token
TOKEN=$(echo "$LOGIN_RESPONSE" | grep -o '"accessToken":"[^"]*"' | cut -d'"' -f4)

if [ -z "$TOKEN" ]; then
    echo "❌ 登录失败，无法获取token"
    exit 1
fi

echo "✅ 登录成功，获取到token: ${TOKEN:0:20}..."
echo ""

echo "2. 测试网关认证逻辑..."
echo "请求: GET ${GATEWAY_URL}/api/user/current-user"
echo "Header: Authorization: Bearer ${TOKEN:0:20}..."
echo ""

# 测试网关认证
GATEWAY_AUTH_RESPONSE=$(curl -s -X GET "${GATEWAY_URL}/api/user/current-user" \
  -H "Authorization: Bearer $TOKEN")

echo "网关认证响应:"
echo "$GATEWAY_AUTH_RESPONSE"
echo ""

echo "3. 测试用户服务直接认证..."
echo "请求: GET ${USER_SERVICE_URL}/user/current-user"
echo "Header: Authorization: Bearer ${TOKEN:0:20}..."
echo ""

# 测试用户服务直接认证
USER_AUTH_RESPONSE=$(curl -s -X GET "${USER_SERVICE_URL}/user/current-user" \
  -H "Authorization: Bearer $TOKEN")

echo "用户服务认证响应:"
echo "$USER_AUTH_RESPONSE"
echo ""

echo "4. 测试无token访问..."
echo "请求: GET ${GATEWAY_URL}/api/user/current-user"
echo ""

# 测试无token访问
NO_TOKEN_RESPONSE=$(curl -s -X GET "${GATEWAY_URL}/api/user/current-user")

echo "无token访问响应:"
echo "$NO_TOKEN_RESPONSE"
echo ""

echo "5. 测试无效token访问..."
echo "请求: GET ${GATEWAY_URL}/api/user/current-user"
echo "Header: Authorization: Bearer invalid_token"
echo ""

# 测试无效token访问
INVALID_TOKEN_RESPONSE=$(curl -s -X GET "${GATEWAY_URL}/api/user/current-user" \
  -H "Authorization: Bearer invalid_token")

echo "无效token访问响应:"
echo "$INVALID_TOKEN_RESPONSE"
echo ""

echo "6. 测试白名单路径..."
echo "请求: GET ${GATEWAY_URL}/api/user/auth/check-login"
echo ""

# 测试白名单路径
WHITELIST_RESPONSE=$(curl -s -X GET "${GATEWAY_URL}/api/user/auth/check-login")

echo "白名单路径响应:"
echo "$WHITELIST_RESPONSE"
echo ""

echo "=========================================="
echo "测试完成"
echo "=========================================="

# 检查结果
if echo "$GATEWAY_AUTH_RESPONSE" | grep -q '"code":200'; then
    echo "✅ 网关认证逻辑测试通过"
else
    echo "❌ 网关认证逻辑测试失败"
fi

if echo "$USER_AUTH_RESPONSE" | grep -q '"code":200'; then
    echo "✅ 用户服务认证逻辑测试通过"
else
    echo "❌ 用户服务认证逻辑测试失败"
fi

if echo "$NO_TOKEN_RESPONSE" | grep -q "401"; then
    echo "✅ 无token访问拦截测试通过"
else
    echo "❌ 无token访问拦截测试失败"
fi

if echo "$INVALID_TOKEN_RESPONSE" | grep -q "401"; then
    echo "✅ 无效token拦截测试通过"
else
    echo "❌ 无效token拦截测试失败"
fi

if echo "$WHITELIST_RESPONSE" | grep -q '"code":200'; then
    echo "✅ 白名单路径测试通过"
else
    echo "❌ 白名单路径测试失败"
fi

echo ""
echo "测试脚本执行完成！"
